communication
07.04.2017 Views
Share Embed Flag

communication

RECON-BRX-2017-GRAP

RECON-BRX-2017-GRAP

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
fredgouth

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Disassembly Graph matching Patterns Bindings IDA plugin Perspectives<br />

grap overview (standalone tool)<br />

© 2017 Cassidian Cybersecurity SAS - All rights reserved. The reproduction, distribution and utilization of this document as well as the <strong>communication</strong> of its contents to others<br />

without express authorization is prohibited. Offenders will be held liable for the payment of damages. All right reserved in the event of the grand of a patent, utility model or design.<br />

◮ graphs: DOT 1 files<br />

◮ grap 2 : standalone tool + python bindings (pygrap) + IDA plugin<br />

Disassembly 3 : python<br />

(based on Capstone)<br />

backspace.exe<br />

import<br />

grap:<br />

python<br />

backspace.dot<br />

exec<br />

DOT parser:<br />

flex + bison (C)<br />

pattern.dot<br />

grap-match (binary)<br />

Graph matching:<br />

C++<br />

match +<br />

extraction<br />

1 The DOT Language: http://www.graphviz.org/content/dot-language<br />

2 Open source: https://bitbucket.org/cybertools/grap<br />

3 Thanks to @YoannFrancou for his work on the disassembler<br />

4<br />

3 / 39

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!